
member, separating by the second member the second session key from the key exchange 
response message if the second member is a participating member, separating by the 
second member the first session key for each of the first members from the key exchange 
response message, and sending each of the first session keys to its respective first 
member. — 



In the Claims : v 

Please canpdf claims 1-53 without prejudice. 



Please 



ajkftte 



following new claims: 



54. (New) A method of conducting an electronic transaction using an 
electronic\ard having a public key of a service provider, the method comprising: 

dnitiating a transaction at a cardholder location by encrypting at least a 
portion of a message with the service provider's public key from the electronic card and 
sending the message^ a service provider location; and 

completing the transaction between the cardholder and the service 
provider in response to the message. 




55. (New) The method V claim 54 wherein the message comprises a key 
exchange request message, the initiation^ the transaction mirther comprising: 

generating a session key at tn^service provider location in^sponse to the 
key exchange request message; 

formatting a key exchange response "h^ssage having the session key at the 
service provider location; and 

sending the key exchange response messa^a to the cardholder location; 
wherein the transaction is completed using the session key. 



56. (New) The method of claim 55 wherein the key x^xchange request 
message includes a public key of the of the cardholder 
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\ 57. (New) The method of claim 54 wherein the message comprises a key 
exchange request message having a public key of the cardholder and a cardholder 
challengkfor the service provider, the initiation of the transaction further comprising; 

\ generating a session key at the service provider location in response to the 
key exchangeVequest message; 

rormatting a key exchange response message at the service provider 
location comprising the session key, a response for the cardholder challenge and a service 
provider challenge fot the cardholder; 

sending Nhe key exchange response message to the cardholder location; 
and \ 

formatting a response for the service provider challenge at the cardholder 
location and sending it to the service provider location; 

wherein the transaction is completed usitfigffli^session key. 

58. (New) The method oKclaim 56 of 57 wherein the initiation of the 
transaction further comprises: \ 

formatting a transaction request messa ge - nstii g the session key at the 
cardholder location; \ 

digitally signing the transaction^ request message at the cardholder 
location; \ 

sending the transaction request message from the cardholder location to 
the service provider location; \ 

formatting, at the service provider location, a transaction response 
message for the cardholder using the session key; \ 

digitally signing the transaction response message at the service provider 
location; and \ 

sending the transaction response message to the caraholder location. 

59. (New) The method of claim 58 wherein the transaction, request message 
includes account information, transaction amount, and transaction afcrta each being 
encrypted with the session key. \ 
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60. (New) The method of claim 58 wherein the transaction request message 
includes plain text. 

61. YNew) The method of claim 58 wherein the transaction request message 
includes a transaction identifier assigned to the cardholder by the service provider. 

62. (New\The method of claim 58 wherein the transaction response message 
includes plain text. 



63. (New) The method of claim 58 wherein the transaction response message 



includes a transaction identifier assigned to the cardh<flder 



the service provider. 



64. (New) The methoc^of claim 58 ^herein the initiation of the transaction 
further comprises: 

formatting, at the caftpiolder lockj on, a J rgftg^ction acknowledgment 
message using the session key; 

digitally signing the transaction acknowledgement message at the 
cardholder location; and 

sending the transaction acknowledgment message to the service provider 

location. 



65. (New) The method of claim 64 wherein transactional acknowledgement 
message comprises acknowledgement data encrypted with the session key. 

66. (New) The method of claim 64 \herein the transactional 
acknowledgement message comprises plain text. 



67. (New) The method of claim 64 wherein^ the transactional 
acknowledgement message comprises a transaction identifier assigned to the cardholder 
by the service provider. 
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o8. (New) The method of claim 54 wherein the message comprises a key 
exchange request comprising a public key of the cardholder and a first cryptogram having 
a cardholde\ challenge encrypted with the service provider's public key from the 
electronic cardMie initiation of the transaction further comprising: 

digitally signing the key exchange request message at the cardholder 
location; \ 

sendingythe key exchange request message from the cardholder location to 
the service provider location; 

generating \ second cryptogram at the service provider location in 
response to the key exchange request message, the second cryptogram comprising a 
service provider challenge ancka session key together/^icryptea with the cardholder's 
public key; \ / I 

formatting, at the service provider/ location, a key exchange response 
message including the second cryptogran and a response to cardholder challenge; 

digitally signing the ke\ exchanges response^afessage at the service 
provider location; \ 

sending the key exchange response message from the service provider 
location to the cardholder location; \ 

generating, at the cardholder location, a third cryptogram comprising a 
service provider challenge response encrypted with me session key; 

attaching the third cryptogram to a transaction message; and 

digitally signing both of the transaction message and the third cryptogram 
together at the cardholder location, and sending them to the\ervice provider location. 

69. (New) The method of claim 68 wherein the key exchange request message 
and key exchange response message each comprises plain text. \ 

70. (New) The method of claim 68 wherein the key exchange request message 
comprises the cardholder's public key encrypted with the service provider's public key. 
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71. (New) The method of claim 68 wherein the generation of the second 
cryptoWam further comprises encrypting a cardholder challenge response as part of the 
second Vyptogram. 

72. \ (New) The method of claim 68 wherein the generation of the second 
cryptogram farther comprises encrypting a transaction identifier as part of the second 
cryptogram. 



73. (New) The method of claim 68 wherein the key exchange response 
message further includes a transaction identifier comprising plain text. 

74. (New) THe method of claim JIZ furthei comprising using the transaction 
identifier with a second transaction message [following the transaction message and going 
from the cardholder location tb the service provider location. 



75. (New) The methodL of claim 54 wherein the message comprises a key 
exchange request message having a public key of the cardholder, and wherein the sending 
of the key exchange request message comprises sending the key exchange request 
message from the cardholder location to>a second cardholder location and from a second 
cardholder location to the service provia^r location, the initiation of the transaction 
further comprising: 

combining, at the second cardholder location, the key exchange request 
message from the cardholder location with a second key exchange request message 
generated at the second cardholder location, and sending the combined key exchange 
request message, signed at the second cardholder\jocation, to the service provider 
location; 

formatting a key exchange response message at the service provider 
location including a session key for the cardholder locationVnd digitally signing the key 
exchange response message, formatting a key exchange response message including a 
second session key for the second cardholder location, combining the key exchange 
response messages into a combined key exchange response \message, signing the 



LAS99 1252286-1.064808.0011 



9 



\ 



combined key exchange response message at the service provider location, and sending 
the combined key exchange response message from the service provider location to the 
second\ardholder location; and 

separating, at the second cardholder location, the key exchange response 
messages fdr the second cardholder location from the key exchange response message for 
the cardholder location, and forwarding the key exchange response message for the 
cardholder location to the cardholder location. 



76. (New) Yhe method of claim 75 further comprising: 

formatting at the first cardholder location, a transaction request message 
using the session key for\he cardholder locati^fTa^c| digitally signing the transaction 
request message; 

sending the transaction requestj messagfe from the cardholder location to 
the second cardholder location; 

formatting, at the ^cond cardRi&ldeLJet^tion, a transaction request 
message using the session key for the second cardholder location; 

combining, at the second cardholder location, the transaction request 
messages into a combined transaction \equest message and digitally signing the 
combined transaction request message; 

sending the combined transaction request message from the second 
cardholder location to the service provider locatioi 

formatting, at the service provider location, a transaction response 
message using the session key for the cardholder location and digitally signing the 
transaction response message; 

formatting, at the service provider lockion, a transaction response 
message using the session key for the second cardholder location; 

combining the transaction response messages iiato a combined transaction 
response message and digitally signing the combined transactior^ response message at the 
service provider location; 

sending the combined transaction response menage to the second 
cardholder location; 
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\ separating, at the second cardholder location, the transaction response 
message into\tfie transaction response message for the cardholder location and the 
transaction response message for the second cardholder location; and 

forwarding the transaction response message for the cardholder location 
from the second cardholder location to the cardholder location. 

77. (New) The r^ethod of claim 76 further comprising: 

formatting, at the cardholder location, an acknowledgment message using 
the session key for the cardholder location and digitally signing the acknowledgement 
message; \ jS* ^\ 

sending the acknowledgment message/from the first cardholder location to 
the second cardholder location; and \ I 

formatting, at the second cardholder location, an acknowledgment 
message using the session key for the second caraheldaiJoG#tfon, combining the 
acknowledgment messages into a combined ^acknowledgment message, and digitally 
signing the combined acknowledgement message at the second cardholder location; and 

sending the combined acknowledgment message from the second 
cardholder location to the service provider location. \ 

78. (New) The method of claim 77 wherein the session keys are the same. 

79. (New) The method of claim 77 wherein the session\eys are different. 

80. (New) The method of claim 77 wherein the key ^change response 
message for the second service provider member terminal includes the public key for the 
service provider member terminal, and the key exchange response message for the 
cardholder location includes a public key of the second cardholder location. \ 

^^"84^^ (New) A method of conducting an electronic transaction using an 
electronic card haviilg-a^ublic key of a service provider, comprising: 



LAS99 1252286-1.064808.0011 



11 



\ formatting a key exchange request message at a member, at least a portion 
of the key exchange request message being encrypted using the service provider's public 
key from the electronic card; 

sending me key exchange request message from the member to the service 

provider; 

generating a session key at the service provider in response to the key 
exchange request message; \, 

formatting a key exchange response message including the session key at 
the service provider; \. 

sending the key exchange responseSnessage from the service provider to 
the member; and \. 

using the session key to complete the transaction. 

82. (New) The method of claim 81 wherein the key exchange request 
message includes a public key of the member. 

83. (New) The method of claim 82 wherein the key exchange request 
message further includes a member challenge for the service provider, and the key 
exchange response message further includes a response to the member challenge and a 
service provider challenge for the member, the method further comprising formatting by 
the member a response to the service provider challenge and sending it to the service 
provider. 

^^84. (New) The method of claim 82 or 83 wherein the use of using the session 
key to complete^ transaction comprises: 

formattihg^by the member a transaction request message using the session 
key, the transaction request message including a digital signature of the member, and 
sending the transaction request messagMQthe service provider; and 

formatting at the service provutet^a transaction response message for the 
member using the session key, the transaction respohs^including a digital signature of 
the service provider, and sending the transaction response me&sqge to the member. 
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85. (New) The method of claim 84 wherein the transaction request message 
includes account information, transaction amount and transaction data, and wherein the 
formatting of the transaction request message by the member comprises encrypting with 
the session key the account information, the transaction amount and a portion of the 
transaction data. 

86. (New) The method of claim 84 wherein the transaction request message 
comprises plain text. 

87. (New) The method of claim 84 wherein the transaction request message 
comprises a transaction identification assigned to the member by the service provider. 



90. (New) The method of claim 84 wherein the transaction response message 
includes plain text. 

91. (New) The method of claim 84 wherein the transaction response message 
includes a transaction identifier assigned by the service provider to the member. 

92. (New) The method of claim 84 further comprising formatting at the 
member, using the session key, a transaction acknowledgment message, digitally signing 
by the member the transaction acknowledgment message, and sending the transaction 
acknowledgment message to the service provider. 




The method of claim 84 wherein the transaction request message 



r herein the transaction response message 
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93. (New) The method of claim 92 wherein the transaction acknowledgement 
message includes data encrypted with the session key. 

94. (New) The method of claim 92 wherein the transaction acknowledgement 
message includes plain text. 

95. (New) The method of claim 92 wherein the transaction acknowledgement 
message includes a transaction identifier assigned to the member by the service provider. 

9<L (New) A method of conducting an electronic transaction using an 
electronic caKd having a public key of a service provider, comprising: 
generating a member challenge by the member; 

encrypting by the member the member challenge using the service 
provider's public key \om the electronic card to generate a first cryptogram; 

formattingsby the member a key exchange request message including the 
first cryptogram and a public^ey of the member; 



signing digitally is^y the member the key exchange request message; 
sending the digitallYsigned key exchange request message to the service 



provider; 



generating by the service provider a service provider challenge; 
generating by the service provider a session key; 

encrypting by the service provide: the service provider challenge and the 



session key using the member's public key to generate a second cryptogram; 

formatting by the service provider a Key exchange response message 
including the second cryptogram and a response to memberschallenge; 

signing digitally by the service provider tire key exchange response 



message; 



sending the digitally signed key exchange response message to the 
member; \ 

encrypting by the member a member response for the service provider 
challenge using the session key to generate a third cryptogram; V 
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attaching the third cryptogram to a transaction message going from the 
member to the service^rovider; 

signing digit&Hy by the member the transaction message going from the 
member to the service provider; 

sending the transaction ntessage going from the member to the service 
provider to the service provider. 

97. (New) The method of claim 96 wherein the key exchange request message 
and key exchange response message each comprises plain text. 



c 



98. "^(]^ew) The method of claim 96 wherein the key exchange request message 
comprises the cardholctefisjpublic key encrypted with the service provider's public key. 




99. (New) The method of clalit>s% wherein the generation of the second 
cryptogram further comprises encrypting a cardholcteisQliallenge response as part of the 
second cryptogram. 

100. (New) The method of claim 96 wherein the generation of the second 
cryptogram further comprises encrypting a transaction identifier as part of the second 
cryptogram. 

101. (New) The method of claim 96 wherein the key exchange response 
message further includes a transaction identifier comprising plain text. 



102T^JNew) The method of claim 101 further comprising using the transaction 
identifier with a seconfrtrajisaction message following the transaction message and going 
from the cardholder location to m&sqrice provider location. 



103. (New) A method of communicatioi^u^g an electronic card having a 
public key of a service provider, comprising: 
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\ formatting a first key exchange request message at a first member, the first 
key exchange request message having a public key of the first member, and at least a 
portion of tffie first key exchange request message being encrypted using the service 
provider's publrfc key from the electronic card; 

sending the first key exchange request message from the first member to a 
second member; \ 

combining at a second member, a second member key exchange request 
message with the first number's key exchange request message and sending the 
combined key exchange request message, signed by the second member, to a service • 
provider; \ 

formatting a key exchange response message at the service provider 
including a first session key for the first member, signing the response message, 
formatting a key exchange response message including a second session key for the 
second member, combining the key exchahge response messages into a combined key 
exchange response message, signing the combined key exchange response message, and 
sending the combined key exchange response message to the second member; and 

separating at the second member, the\ey exchange response message for 
the second member from the key exchange response message for the first member, and 
forwarding the key exchange response message for the first inember to the first member. 

104. (New) The method of claim 103 further comprising: 

formatting by the first member, using the first session key, a transaction 

request message, signing the transaction request message, and sending the transaction 

request message to the second member; 

formatting by the second member, using the second session key, a 

transaction request message; 

combining by the second member, the second member transaction request 

message with the first member transaction request message, signing the combined 

transaction request message, and sending the combined transaction request message to 

the service provider; 
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formatting by the service provider, using the first session key, a 
transaction response message for the first member, and signing the transaction response 
message; 

formatting by the service provider, using the second session key, a 
transaction response message for the second member; 

combining the transaction response message for the first member with the 
transaction response message for the second member to form a combined transaction 
response message, and signing the combined transaction response message; 

sending the combined transaction response message to the second 

member; 

separating at the second member, the transaction response message for the 
first member from the transaction response message for the second member; and 

forwarding by the second member the transaction response message for 
the first member to the first member. 

105. (New) The method of claim 104 further comprising: 

formatting at the first member, using the first session key, an 
acknowledgment message, signing the acknowledgment message, and sending the 
acknowledgment message to a second member; and 

formatting at the second member, using the second session key, an 
acknowledgment message, combining the second member acknowledgment message 
with the first member acknowledgment message to form a combined acknowledgment 
message, signing the combined acknowledgment message, and sending the combined 
acknowledgment message to the service provider. 

106. (New) The method of claim 103 wherein the first session key is different 
from the second session key. 

107. (New) The method of claim 103 wherein the first session key is the same 
as the second session key. 
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108. (New) The method of claim 103 wherein the key exchange response 
message for the second member includes the public key of the first member, and the key 
exchange response message for the first member includes the public key of the second 
member. 

V 109. (New) A method of communication using an electronic card having a 
publicskey of a service provider, comprising: 

\ formatting a first key exchange request message at a first member, the first 
key exchange request message having a public key of the first member, and at least a 
portion of the\first key exchange request message being encrypted using the service 
provider's publicVkey from the electronic card; 

senoing the first key exchange request message from the first member to at 
least one intermediate^member coupled in series between the first member and the service 
provider, each of said aNeast one intermediate member being either a message router or 
a participating member; \ 

generating, if sW at least one intermediate member comprises at least one 
participating member, at each of the participating members a key exchange request; 

receiving at the seWice provider a combined key exchange request 
message from said at least one intermediate member, the combined key exchange request 
message comprising the first key exchange request message and the key exchange request 
message generated by each of the participating members; 

generating at the service provider a first session key for the first member 
and a participating session key for each of the participating members; 

formatting at the service provider \ key exchange response message 
including each of the first and participating session keyk 

sending the key exchange response message from the service provider to 
said at least one intermediate member; \ 

separating by each participating member itX respective participating 
session key from the key exchange response message; and \ 

sending the first session key from said at least one intermediate member to 
the first member. V 
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110. The method of claim 109 further comprising: 

encrypting a first transaction request message using the first session key at 
the first member; 

sending the first transaction request message from the first member to said 
at least one intermediate member; 

generating, if said at least one intermediate member comprises at least one 
participating member, at each of the participating members a transaction request message 
encrypted using its respective participating session key; 

receiving at the service provider a combined transaction request message 
from said at least one intermediate member, the combined transaction request message 
comprising the first transaction request message and the transaction request message for 
each of the participating members; 

formatting at the service provider a combined transaction response 
message comprising a transaction response message for the first member and each of the 
participating members; 

sending the combined transaction response message from the service 
provider to said at least one intermediate member; 

separating by each participating member its respective transaction 
response message from the combined transaction response message; and 

sending the transaction response message for the first member from said at 
least one intermediate member to the first member. 

111. (New) The method of claim 109 wherein the first session key and the 
participating session keys are each different from one another. 

112. (New) The method of claim 109 wherein the first session key and the 
participating session keys are the same as each other. 

113. (Ne^)^^method of communication using an electronic card having a 
public key of a service providerTcoIripftaing: 
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formatting a key exchange request message at each of a plurality of first 
members, the key exchange request message for one of the first members having a public 
key ot^said one of the first members, and at least a portion of the key exchange request 
messages for said one of the first members being encrypted using the service provider's 
public key^rom the electronic card; 

sending from each of the first members its respective key exchange 
request message to a second member, the second member being either a message router 
or a participatingNjiember; 

generating, if the second member is a participating member, a second key 
exchange request message at the second member; 

combining at the second member the key exchange request message from 
each of the first members to form a combined key exchange request message, the 
combined key exchange request message further comprising the second key exchange 
request message if the second member is a participating member; 

receiving at the service provider the combined key exchange request 
message from the second member; 

generating at the servic^nrovider a first session key for each of the first 
members, and a second session key for tt^e second member if the second member is a 
participating member; 

formatting at the service provMer a key exchange response message 
including each of the first and second session keys; s 

sending the key exchange response m^sage from the service provider to 
the second member; 

separating by the second member the second session key from the key 
exchange response message if the second member is a participating member; 

separating by the second member the first session^key for each of the first 
members from the key exchange response message; and 

sending each of the first session keys to its respective fb^t member. 

1 14. (New) The method of claim 1 13 further comprising: 
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encrypting a transaction request message at each of the first members 
using their respective first session keys; 

sending from each of the first members its respective transaction request 
message to the second member; 

generating, if the second member is a participating member, a second 
transaction request message at the second member and encrypting the second transaction 
request message with the second session key; 

combining at the second member the transaction request message from 
each of the first members to form a combined transaction request message, the combined 
transaction request message further comprising the second transaction request message if 
the second member is a participating member; 

receiving at the service provider the combined transaction request message 
from the second member; 

generating at the service provider a transaction response message for each 
of the first members, and the second member if the second member is a participating 
member; 

formatting at the service provider a combined transaction response 
message including the transaction response messages for each of the first members, and 
the second member if the second member is a participating member; 

sending the combined transaction response message from the service 
provider to the second member; 

separating by the second member its respective transaction response 
message from the combined transaction response message if the second member is a 
participating member; 

separating by the second member the transaction response messages for 
each of the first members from the combined transaction response message; and 

sending each of the transaction response messages to its respective first 

member. 

115. (New) The method of claim 113 wherein the first session keys and the 
second session key are each different from one another. 
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